> I have now finished a little Lasso 9 JWT library including a custom type to
> read and validate headers containing the JWT. You can find it on:
>
> https://github.com/agbetz64/lasso_jwt/
>
> I put it under an MIT licence, but I am happy to change it to any other
> open source licence if people feel strongly about it. Many thanks to Jolle
> for his input and improvements.
>
> Best
> Alex

Re: lasso-jwt now on git hub

It is not the JWTs that are the problem, it is how people use them that is!
In most cases I would certainly stick with sessions and cookies. But just to
hand over a signed token they are pretty good and pretty safe.
All the appropriate checking should be done on the server. I have given
only a couple of ideas how that can be achieved. The best lock in the world
will not protect you from burglars if you leave the door open ;-)